> but malicious script authors will have no such qualms, so I would
> argue that your provider's strategy is already doomed... --[[smcv]]
+>> I agree, and I'll ask them to fix it (and probably refer them to this page).
+>> One reason they still have my business is that their customer service has
+>> been notably good; I always get a response from a human on the first try,
+>> and on the first or second try from a human who understands what I'm saying
+>> and is able to fix it. With a few exceptions over the years. I've dealt with organizations not like that....
+>>
+>> But I included the note here because I'm sure if _they're_ doing it, there's
+>> probably some nonzero number of other hosting providers where it's also
+>> happening, so a person setting up OpenID and being baffled by this failure
+>> needs to know to check for it. Also, while the world of user-agent strings
+>> can't have anything but relatively luckier and unluckier choices, maybe
+>> `libwww/perl` is an especially unlucky one?
+
+>>> Yippee! _My_ provider found their offending `mod_security` rule and took it out,
+>>> so now [ikiwiki.info](/) accepts my OpenID. I'm still not sure it wouldn't be
+>>> worthwhile to change the useragent default.... -- Chap
+
+
## Error: OpenID failure: naive_verify_failed_network: Could not contact ID provider to verify response.
Again, this could have various causes. It was helpful to bump the debug level
> To be clear, these are patches to [[!cpan LWPx::ParanoidAgent]].
> Debian's `liblwpx-paranoidagent-perl (>= 1.10-3)` appears to
> have those two patches. --[[smcv]]
+>
+> Irrelevant to this ikiwiki instance, perhaps relevant to others:
+> I've added these patches to [pkgsrc](http://www.pkgsrc.org)'s
+> [[!pkgsrc www/p5-LWPx-ParanoidAgent]] and they'll be included in the
+> soon-to-be-cut 2014Q3 branch. --[[schmonz]]
## Still naive_verify_failed_network, new improved reason
> but equally it might be as bad as it seems at first glance.
> "Let the buyer beware", I think... --[[smcv]]
+>> As far as I can tell, this particular provider _is_ on Red Hat (EL 5).
+>> I can't conclusively tell because I'm in what appears to be a CloudLinux container when I'm in,
+>> and certain parts of the environment (like `rpm`) I can't see. But everything
+>> I _can_ see is like several RHEL5 boxen I know and love.
+
+
### Local OpenSSL installation will need certs to trust
Bear in mind that the OpenSSL distribution doesn't come with a collection
> Also in Debian's `liblwpx-paranoidagent-perl (>= 1.10-3)`, for the record.
> --[[smcv]]
+>
+> And now in pkgsrc's `www/p5-LWPx-ParanoidAgent`, FWIW. --[[schmonz]]
Only that still doesn't end the story, because that hand didn't know what
[this hand](https://github.com/noxxi/p5-io-socket-ssl/commit/4f83a3cd85458bd2141f0a9f22f787174d51d587#diff-1)
> (which is where ikiwiki.info's supporting packages come from).
> Please report it upstream too, if the Debian maintainer doesn't
> get there first. --[[smcv]]
+>
+> Applied in pkgsrc. I haven't attempted to conduct before-and-after
+> test odysseys, but here's hoping your travails save others some
+> time and effort. --[[schmonz]]
# Success!!